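<?php
/**
 * phpwcms content management system
 *
 * @author Oliver Georgi <*****@*****.**>
 * @copyright Copyright (c) 2002-2015, Oliver Georgi
 * @license http://opensource.org/licenses/GPL-2.0 GNU GPL-2
 * @link http://www.phpwcms.de
 *
 **/

// ----------------------------------------------------------------
// obligate check for phpwcms constants
if (!defined('PHPWCMS_ROOT')) {
	die("You Cannot Access This Script Directly, Have a Nice Day.");
}
// ----------------------------------------------------------------

// Create the profile row (phpwcms_userdetail) for the logged-in backend user
// when none exists yet. This file is included from the backend profile page,
// which provides $db (MySQL link), $BL (language strings), getpostvar() and
// check_checkbox(). A status message is left in $detail_updated.

// Plain text form field -> column, listed in column order. Every value is
// passed through getpostvar() before it is placed in the quoted SQL string.
// NOTE(review): getpostvar() is not visible here; the whole statement relies
// on it escaping for the MySQL string context — confirm in general.inc.php.
$detail_columns = array(
	'detail_title'     => 'form_title',
	'detail_firstname' => 'form_firstname',
	'detail_lastname'  => 'form_lastname',
	'detail_company'   => 'form_company',
	'detail_street'    => 'form_street',
	'detail_add'       => 'form_add',
	'detail_city'      => 'form_city',
	'detail_zip'       => 'form_zip',
	'detail_region'    => 'form_region',
	'detail_country'   => 'form_country',
	'detail_fon'       => 'form_fon',
	'detail_fax'       => 'form_fax',
	'detail_mobile'    => 'form_mobile',
);

// The owner id comes from the session, not from the form, and is written
// unquoted into the statement. Forcing it to an integer means the shape of
// the query cannot depend on whatever the session happens to hold.
$detail_pid = intval($_SESSION["wcs_user_id"]);

// Free-text fields are cut to a character (not byte) limit before escaping.
// A missing field is treated as empty rather than handing mb_substr() null.
$form_signature = isset($_POST["form_signature"]) ? mb_substr($_POST["form_signature"], 0, 250) : '';
$form_notes     = isset($_POST["form_notes"]) ? mb_substr($_POST["form_notes"], 0, 3000) : '';

$sql_columns = array('detail_pid');
$sql_values  = array($detail_pid);
foreach ($detail_columns as $column => $form_field) {
	$sql_columns[] = $column;
	$sql_values[]  = "'" . getpostvar(isset($_POST[$form_field]) ? $_POST[$form_field] : '') . "'";
}
$sql_columns[] = 'detail_signature';
$sql_values[]  = "'" . getpostvar($form_signature) . "'";
$sql_columns[] = 'detail_prof';
$sql_values[]  = "'" . getpostvar(isset($_POST["form_prof"]) ? $_POST["form_prof"] : '') . "'";
$sql_columns[] = 'detail_notes';
$sql_values[]  = "'" . getpostvar($form_notes) . "'";
// Checkbox flags are stored unquoted; check_checkbox() is expected to reduce
// the raw POST value to 0/1 (its definition is not visible here).
$sql_columns[] = 'detail_public';
$sql_values[]  = check_checkbox($_POST["form_public"]);
$sql_columns[] = 'detail_newsletter';
$sql_values[]  = check_checkbox($_POST["form_newsletter"]);

$sql = "INSERT INTO " . DB_PREPEND . "phpwcms_userdetail ("
	. implode(', ', $sql_columns)
	. ") VALUES ("
	. implode(', ', $sql_values)
	. ")";

if (mysql_query($sql, $db)) {
	$detail_updated = $BL['be_profile_create_success'];
} else {
	$detail_updated = $BL['be_profile_create_error'];
}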
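require_once '../../include/config/conf.inc.php';
require_once '../inc_lib/default.inc.php';
require_once PHPWCMS_ROOT . '/include/inc_lib/helper.session.php';
require_once PHPWCMS_ROOT . '/include/inc_lib/dbcon.inc.php';
require_once PHPWCMS_ROOT . '/include/inc_lib/general.inc.php';

// Backend handler: create or update a schedule category. A valid login and a
// valid CSRF token are both required before anything below runs.
checkLogin();
validate_csrf_tokens();

require_once PHPWCMS_ROOT . '/include/inc_lib/backend.functions.inc.php';

// Every path ends in a redirect to the referer recorded in the session. Without
// one there is nowhere to send the user, so stop. (The previous version built a
// fallback URL in an else branch that could never execute; it is gone.)
if (empty($_SESSION['REFERER_URL'])) {
	die('Goood bye.');
}
// NOTE(review): this value is used verbatim as the redirect target. That is
// only safe if the application itself writes REFERER_URL into the session
// rather than copying the client's Referer header — confirm where it is set.
$ref = $_SESSION['REFERER_URL'];

// Only administrators may create or edit categories; everyone else is simply
// redirected back without touching the database.
if ($_SESSION["wcs_user_admin"] == 1) {

	// Both ids end up unquoted in SQL, so they are cast exactly once, up front.
	$scat_id  = isset($_POST["scat_id"]) ? intval($_POST["scat_id"]) : 0;
	$scat_uid = intval($_SESSION["wcs_user_id"]);
	$scat_new = isset($_POST["scat_new"]) ? $_POST["scat_new"] : '';
	// A category needs a non-blank name; the name itself is stored untrimmed.
	$has_name = isset($_POST["scat_name"]) && trim($_POST["scat_name"]);

	// Create: scat_new == 1 and no existing id.
	if (intval($scat_new) === 1 && $scat_id === 0 && $has_name) {
		$sql = "INSERT INTO " . DB_PREPEND . "phpwcms_schedulecat ("
			. "scat_name, scat_info, scat_aktiv, scat_uid) "
			. "VALUES ('" . getpostvar($_POST["scat_name"]) . "','"
			. getpostvar($_POST["scat_info"]) . "',"
			. intval($_POST["scat_aktiv"]) . "," . $scat_uid . ");";
		if (!mysql_query($sql, $db)) {
			die("error");
		}
		// Send the user back to the category that was just created.
		$ref .= "&cat=" . mysql_insert_id($db);
	}

	// Update: any non-empty scat_new together with an existing id.
	if (!empty($scat_new) && $scat_id && $has_name) {
		$sql = "UPDATE " . DB_PREPEND . "phpwcms_schedulecat SET "
			. "scat_name='" . getpostvar($_POST["scat_name"]) . "', "
			. "scat_info='" . getpostvar($_POST["scat_info"]) . "', "
			. "scat_aktiv=" . intval($_POST["scat_aktiv"]) . ", "
			. "scat_uid=" . $scat_uid
			. " WHERE scat_id=" . $scat_id . ";";
		mysql_query($sql, $db) or die("error");
	}
}

headerRedirect($ref);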
}

// Create branch of the article-category handler. The enclosing `if` blocks were
// opened before this chunk (the `}` above closes the cache-off check). Form
// strings go through getpostvar()/_dbEscape() for the quoted SQL context and
// integer columns are intval()'d. The values concatenated without quotes or
// escaping — $acat_sort_fallback, $_SESSION["wcs_user_id"], $acat_hidden,
// set_correct_ordersort(), $acat_breadcrumb — are presumably integers computed
// earlier in this file; they are not visible here.
// NOTE(review): $cache_timeout, $acat_permit and proof_alias(...) are quoted
// but NOT escaped in this INSERT, while the UPDATE branch below passes the same
// values through _dbEscape(). Confirm they are already safe on this path or
// escape them the same way.
$sql = "INSERT INTO " . DB_PREPEND . "phpwcms_articlecat (acat_name, acat_info, acat_aktiv, acat_ssl, acat_regonly, " .
	"acat_struct, acat_template, acat_sort, acat_uid, acat_alias, acat_hidden, acat_topcount, " .
	"acat_redirect, acat_order, acat_cache, acat_nosearch, acat_nositemap, acat_permit, acat_maxlist, " .
	"acat_cntpart, acat_pagetitle, acat_paginate, acat_overwrite, acat_archive, acat_class, acat_keywords, " .
	"acat_cpdefault, acat_lang, acat_lang_type, acat_lang_id, acat_disable301, acat_opengraph, acat_canonical, acat_breadcrumb) VALUES ('" .
	getpostvar($_POST["acat_name"]) . "','" .
	getpostvar($_POST["acat_info"], 32000) . "'," .
	(isset($_POST["acat_aktiv"]) ? 1 : 0) . "," .
	(isset($_POST["acat_ssl"]) ? 1 : 0) . "," .
	(isset($_POST["acat_regonly"]) ? 1 : 0) . "," .
	intval($_POST["acat_struct"]) . "," .
	intval($_POST["acat_template"]) . "," .
	$acat_sort_fallback . "," .
	$_SESSION["wcs_user_id"] . ",'" .
	proof_alias($_POST["acat_id"], $_POST["acat_alias"]) . "'," .
	$acat_hidden . ", " .
	intval($_POST["acat_topcount"]) . ",'" .
	getpostvar($_POST["acat_redirect"]) . "', " .
	set_correct_ordersort() . ",'" .
	$cache_timeout . "', '" .
	(isset($_POST['acat_nosearch']) ? 1 : '') . "'," . /* stored as '1' or '' */
	(isset($_POST["acat_nositemap"]) ? 1 : 0) . "," .
	"'" . $acat_permit . "', " .
	intval($_POST["acat_maxlist"]) . ", " .
	_dbEscape($acat_cntpart) . ",'" .
	getpostvar($_POST["acat_pagetitle"]) . "', " .
	(isset($_POST["acat_paginate"]) ? 1 : 0) . ", '" .
	getpostvar($_POST["acat_overwrite"]) . "'," .
	(empty($_POST["acat_archive"]) ? 0 : 1) . ", " .
	_dbEscape($acat_class) . ", " .
	_dbEscape($acat_keywords) . ", " .
	intval($_POST["acat_cpdefault"]) . "," .
	_dbEscape($acat_lang) . ',' .
	_dbEscape($acat_lang_type) . ',' .
	_dbEscape($acat_lang_id) . ',' .
	(empty($_POST["acat_disable301"]) ? '0' : '1') . ',' .
	(empty($_POST["acat_opengraph"]) ? 0 : 1) . ', ' .
	_dbEscape(clean_slweg($_POST["acat_canonical"], 2000)) . ',' .
	$acat_breadcrumb .
	')';
// `or die` binds after the assignment: a failed query aborts with the raw
// MySQL error text; on success the new id is appended to the redirect URL.
if ($result = mysql_query($sql, $db) or die("MySQL Error: " . mysql_error())) {
	$ref .= "&cat=" . mysql_insert_id($db);
}
}
}

// Update branch: acat_new == 0 together with an existing, non-zero acat_id.
if (isset($_POST["acat_new"]) && isset($_POST["acat_id"]) && intval($_POST["acat_new"]) == 0 && intval($_POST["acat_id"])) {
	if (trim($_POST["acat_name"])) {
		// Cache lifetime as entered; an explicit "cache off" overrides it with 0.
		$cache_timeout = clean_slweg($_POST["acat_timeout"]);
		if (isset($_POST['acat_cacheoff']) && intval($_POST['acat_cacheoff'])) {
			$cache_timeout = 0; // cache = Off
		}
		// Same column set as the INSERT above; here alias, cache, permit and the
		// language fields are all passed through _dbEscape(). The id in the
		// WHERE clause is intval()'d, so the query string cannot widen the update.
		$sql = "UPDATE " . DB_PREPEND . "phpwcms_articlecat SET " .
			"acat_name='" . getpostvar($_POST["acat_name"]) . "', " .
			"acat_info='" . getpostvar($_POST["acat_info"], 32000) . "', " .
			"acat_alias=" . _dbEscape(proof_alias($_POST["acat_id"], $_POST["acat_alias"])) . ", " .
			"acat_aktiv=" . (isset($_POST["acat_aktiv"]) ? 1 : 0) . ", " .
			"acat_struct=" . intval($_POST["acat_struct"]) . ", " .
			"acat_template=" . intval($_POST["acat_template"]) . ", " .
			"acat_sort=" . $acat_sort_fallback . ", " .
			"acat_uid=" . $_SESSION["wcs_user_id"] . ", " .
			"acat_hidden=" . $acat_hidden . ", " .
			"acat_ssl=" . (isset($_POST["acat_ssl"]) ? 1 : 0) . ", " .
			"acat_regonly=" . (isset($_POST["acat_regonly"]) ? 1 : 0) . ", " .
			"acat_topcount=" . intval($_POST["acat_topcount"]) . ", " .
			"acat_redirect='" . getpostvar($_POST["acat_redirect"]) . "'," .
			"acat_order=" . set_correct_ordersort() . ", " .
			"acat_cache=" . _dbEscape($cache_timeout) . ", " .
			"acat_nosearch='" . (isset($_POST['acat_nosearch']) ? 1 : '') . "', " .
			"acat_nositemap=" . (isset($_POST["acat_nositemap"]) ? 1 : 0) . ", " .
			"acat_permit=" . _dbEscape($acat_permit) . ", " .
			"acat_maxlist=" . intval($_POST["acat_maxlist"]) . ", " .
			"acat_cntpart=" . _dbEscape($acat_cntpart) . ", " .
			"acat_pagetitle='" . getpostvar($_POST["acat_pagetitle"]) . "', " .
			"acat_paginate=" . (isset($_POST["acat_paginate"]) ? 1 : 0) . ", " .
			"acat_overwrite='" . getpostvar($_POST["acat_overwrite"]) . "', " .
			"acat_archive=" . (empty($_POST["acat_archive"]) ? 0 : 1) . ", " .
			"acat_class=" . _dbEscape($acat_class) . ", " .
			"acat_keywords=" . _dbEscape($acat_keywords) . "," .
			"acat_cpdefault=" . intval($_POST["acat_cpdefault"]) . ',' .
			"acat_lang=" . _dbEscape($acat_lang) . ',' .
			"acat_lang_type=" . _dbEscape($acat_lang_type) . ',' .
			"acat_lang_id=" . _dbEscape($acat_lang_id) . ',' .
			"acat_disable301=" . (empty($_POST["acat_disable301"]) ? '0' : '1') . ',' .
			"acat_opengraph=" . (empty($_POST["acat_opengraph"]) ? '0' : '1') . ',' .
			"acat_canonical=" . _dbEscape(clean_slweg($_POST["acat_canonical"], 2000)) . ',' .
			"acat_breadcrumb=" . $acat_breadcrumb .
			" WHERE acat_id=" . intval($_POST["acat_id"]);
		mysql_query($sql, $db) or die(_report_error('DB', $sql));
	}
}

// Miscellaneous actions: $_GET["do"] has the form "<action>|<id>|<id>|<n>".
// Each part is intval()'d before it is used, so nothing from the query string
// reaches SQL as text. Parts 1..3 may be absent for a short value; intval()
// of a missing element is 0 (with a notice), which the checks below treat as
// "no id". The switch continues past the end of this chunk.
$do = explode("|", isset($_GET["do"]) ? $_GET["do"] : '');
switch (intval($do[0])) {
	case 1: // paste into
		$do[1] = intval($do[1]); // cut ID
		$do[2] = intval($do[2]); // paste ID
		$do[3] = intval($do[3]); // sort number
		if ($do[1]) {
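<?php
/**
 * phpwcms content management system
 *
 * @author Oliver Georgi <*****@*****.**>
 * @copyright Copyright (c) 2002-2015, Oliver Georgi
 * @license http://opensource.org/licenses/GPL-2.0 GNU GPL-2
 * @link http://www.phpwcms.de
 *
 **/

// ----------------------------------------------------------------
// obligate check for phpwcms constants
if (!defined('PHPWCMS_ROOT')) {
	die("You Cannot Access This Script Directly, Have a Nice Day.");
}
// ----------------------------------------------------------------

// Update the profile row (phpwcms_userdetail) of the logged-in backend user.
// Counterpart of the "create profile" include: same fields and same escaping,
// and — for consistency with it — the $db link is passed to mysql_query()
// explicitly instead of relying on the "last opened connection" default.
// A status message is left in $detail_updated for the including page.

// Plain text form field -> column, in column order. Every value is passed
// through getpostvar() before it is placed in the quoted SQL string.
// NOTE(review): getpostvar() is not visible here; the statement relies on it
// escaping for the MySQL string context — confirm in general.inc.php.
$detail_columns = array(
	'detail_title'     => 'form_title',
	'detail_firstname' => 'form_firstname',
	'detail_lastname'  => 'form_lastname',
	'detail_company'   => 'form_company',
	'detail_street'    => 'form_street',
	'detail_add'       => 'form_add',
	'detail_city'      => 'form_city',
	'detail_zip'       => 'form_zip',
	'detail_region'    => 'form_region',
	'detail_country'   => 'form_country',
	'detail_fon'       => 'form_fon',
	'detail_fax'       => 'form_fax',
	'detail_mobile'    => 'form_mobile',
);

// The row is selected by the session's user id, which is written unquoted
// into the WHERE clause. Forcing it to an integer guarantees the update can
// only ever target one numeric id, whatever the session holds.
$detail_pid = intval($_SESSION["wcs_user_id"]);

// Free-text fields are cut to a character (not byte) limit before escaping.
// A missing field is treated as empty rather than handing mb_substr() null.
$form_signature = isset($_POST["form_signature"]) ? mb_substr($_POST["form_signature"], 0, 250) : '';
$form_notes     = isset($_POST["form_notes"]) ? mb_substr($_POST["form_notes"], 0, 3000) : '';

$assignments = array();
foreach ($detail_columns as $column => $form_field) {
	$assignments[] = $column . "='" . getpostvar(isset($_POST[$form_field]) ? $_POST[$form_field] : '') . "'";
}
$assignments[] = "detail_signature='" . getpostvar($form_signature) . "'";
$assignments[] = "detail_prof='" . getpostvar(isset($_POST["form_prof"]) ? $_POST["form_prof"] : '') . "'";
$assignments[] = "detail_notes='" . getpostvar($form_notes) . "'";
// Checkboxes: anything empty() (unset, '', '0') stores 0, everything else 1.
$assignments[] = "detail_public=" . (empty($_POST["form_public"]) ? 0 : 1);
$assignments[] = "detail_newsletter=" . (empty($_POST["form_newsletter"]) ? 0 : 1);

$sql = "UPDATE " . DB_PREPEND . "phpwcms_userdetail SET "
	. implode(',', $assignments)
	. " WHERE detail_pid=" . $detail_pid;

if (mysql_query($sql, $db)) {
	$detail_updated = $BL['be_profile_update_success'];
} else {
	$detail_updated = $BL['be_profile_update_error'];
}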
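/**
 * Render the (optionally paged) list of zones / SOA records as an HTML table.
 *
 * @param string|null $like      optional SQL filter fragment (a complete "WHERE ..."
 *                               clause, or NULL for all zones). It is concatenated
 *                               into the query verbatim, so the CALLER must have
 *                               escaped any user input it contains.
 * @param string|null $highlight optional substring to mark up inside each origin.
 *                               It is HTML-escaped here, so it may come straight
 *                               from the search form.
 * @return void  the table is echoed
 */
function zone_browser($like = NULL, $highlight = NULL) {
	global $zone_group_size, $soa_table_name, $rr_table_name, $use_pgsql;

	// Page size comes from configuration and is placed unquoted in a LIMIT
	// clause; pin it to an integer so the query shape is fixed.
	$group_size = intval($zone_group_size);

	echo "<DIV align=center>\n";

	if ($group_size == 0) {
		// Paging disabled: one unbounded query. The filter is applied here too;
		// previously this branch dropped $like, so a search with paging switched
		// off listed every zone instead of the matches.
		$res = sql_query(soa_select() . " {$like} ORDER BY origin") or ErrSQL("Error loading SOA record(s).");
	} else {
		$page   = getpostvar('page');
		$total  = sql_count("SELECT COUNT(*) FROM {$soa_table_name} {$like}", "number of SOA records");
		// offset_select() also renders the pager; its result is the row offset
		// for this page and goes unquoted into LIMIT, hence the cast.
		$offset = intval(offset_select($page, $total, $group_size, "action=browse"));

		$query = soa_select() . " {$like} ORDER BY origin ";
		$query .= $use_pgsql
			? "LIMIT {$group_size} OFFSET {$offset}"
			: "LIMIT {$offset},{$group_size}";
		$res = sql_query($query) or ErrSQL("Error loading SOA record(s).");
	}

	// Self URL for the edit links. PHP_SELF reflects the request path, which the
	// client controls (e.g. /index.php/"><script>...), so it is never echoed raw.
	$self_url = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
	// Escape the highlight once; it is matched against the escaped origin below
	// so that the <span> we add is the only markup reaching the browser.
	$highlight_html = ($highlight) ? htmlspecialchars($highlight, ENT_QUOTES) : '';
?>
<TABLE class=browserBox cellspacing=0>
<?php
	while ($soa = sql_fetch_array($res)) {
		// The zone id is used unquoted in SQL and in the link; cast it.
		$zone_id = intval($soa['id']);
		$record_count = sql_count("SELECT COUNT(*) FROM {$rr_table_name} WHERE zone={$zone_id}", "number of resource records in zone {$zone_id}");

		// Origin comes from the database; escape it before any markup is added.
		$output_origin = htmlspecialchars($soa['origin'], ENT_QUOTES);
		if ($highlight_html !== '') {
			$output_origin = str_replace($highlight_html, "<span class=highlight>{$highlight_html}</span>", $output_origin);
		}
?>
	<TR bgcolor="<?php echo bgcolor(); ?>">
		<TD class=browserCellLeft><A href="<?php echo $self_url; ?>?zone=<?php echo $zone_id; ?>" title="Edit zone <?php echo $zone_id; ?>"><?php echo $output_origin; ?></A>
		<TD class=browserCellRight><?php echo nf($record_count); ?> record(s)
<?php
	}
	echo "</TABLE>\n";
	echo "</DIV>\n";
}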